View WildFire Sample Analysis Processing Details

Where Can I Use This?
  • WildFire Appliance
What Do I Need?
  • WildFire License
The WildFire appliance retains records of analysis activity in an event log. You can view which connected services or appliances in your network analyzed a particular sample, as well as how many samples were analyzed in a given time frame. Use this information to monitor activity and to develop policies and countermeasures against malicious activity. Unusually heavy activity can indicate suspicious activity. Also consider using a threat intelligence tool such as AutoFocus to investigate and determine the nature of a threat.
  1. View the number of samples processed locally within a specified timespan or based on a maximum number of samples.
    show wildfire local sample-processed {time [last-12-hrs | last-15-minutes | last-1-hr | last-24-hrs | last-30-days | last-7-days | last-calender-day | last-calender-month] | count <number_of_samples>}
    Latest samples information:
    +------------------------------------------------------------------+---------------------+-----------+------------+-----------+------------+-------------------+
    | SHA256                                                           | Create Time         | File Name | File Type  | File Size | Malicious  | Status            |
    +------------------------------------------------------------------+---------------------+-----------+------------+-----------+------------+-------------------+
    | ce752b7b76ac2012bdff2b76b6c6af18e132ae8113172028b9e02c6647ee19bb | 2018-12-09 16:55:53 |           | Email Link | 31,522    |            | download complete |
    | 349e57e51e7407abcd6eccda81c8015298ff5d5ba4cedf09c7353c133ceaa74b | 2018-12-09 16:53:40 |           | Email Link | 39,679    |            | download complete |
    +------------------------------------------------------------------+---------------------+-----------+------------+-----------+------------+-------------------+
  2. Identify the device(s) that submitted a specified sample for WildFire analysis.
    show wildfire global sample-device-lookup sha256equal <SHA_256>
    Sample 1024609813c57fe174722c53b3167dc3cf5583d5c7abaf4a95f561c686a2116e last seen on following devices:
    +------------------------------------------------------------------+-----------+-----------+---------------------+
    | SHA256                                                           | Device ID | Device IP | Submitted Time      |
    +------------------------------------------------------------------+-----------+-----------+---------------------+
    | 1024609813c57fe174722c53b3167dc3cf5583d5c7abaf4a95f561c686a2116e | Manual    | Manual    | 2019-08-05 19:24:39 |
    +------------------------------------------------------------------+-----------+-----------+---------------------+
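
To monitor sample volume over time, the table output of either command can be parsed into records and counted per hour. The following is an added example, not part of the WildFire documentation or tooling; the function names and the `threshold` parameter are assumptions, and the input is the step 1 output shown above with its borders shortened.

```python
import re
from collections import Counter
from datetime import datetime

# Output of step 1 as shown on this page (borders shortened, padding collapsed).
SAMPLE_OUTPUT = """\
Latest samples information:
+--------+-------------+-----------+-----------+-----------+-----------+--------+
| SHA256 | Create Time | File Name | File Type | File Size | Malicious | Status |
+--------+-------------+-----------+-----------+-----------+-----------+--------+
| ce752b7b76ac2012bdff2b76b6c6af18e132ae8113172028b9e02c6647ee19bb | 2018-12-09 16:55:53 | | Email Link | 31,522 | | download complete |
| 349e57e51e7407abcd6eccda81c8015298ff5d5ba4cedf09c7353c133ceaa74b | 2018-12-09 16:53:40 | | Email Link | 39,679 | | download complete |
+--------+-------------+-----------+-----------+-----------+-----------+--------+
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

def parse_table(text):
    """Return the rows of a WildFire CLI table as dicts keyed by column header."""
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue  # skip borders (+---+), captions and blank lines
        cells = [c.strip() for c in line[1:-1].split("|")]
        if header is None:
            header = cells  # first pipe-delimited row is the header
        elif len(cells) == len(header) and SHA256_RE.match(cells[0].lower()):
            rows.append(dict(zip(header, cells)))  # empty cells become ""
    return rows

def samples_per_hour(rows, time_column="Create Time"):
    """Count samples per clock hour so spikes stand out against a baseline."""
    hours = Counter()
    for row in rows:
        ts = datetime.strptime(row[time_column], "%Y-%m-%d %H:%M:%S")
        hours[ts.strftime("%Y-%m-%d %H:00")] += 1
    return dict(hours)

def busy_hours(rows, threshold):
    """Hours whose count exceeds a locally chosen threshold (an assumption)."""
    return sorted(h for h, n in samples_per_hour(rows).items() if n > threshold)

if __name__ == "__main__":
    print(samples_per_hour(parse_table(SAMPLE_OUTPUT)))
```

For the step 2 output, pass `time_column="Submitted Time"` to `samples_per_hour`.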
